Re: Why are there few viruses for UNIX/Linux systems?

From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 08/23/03 

Date: Sat, 23 Aug 2003 18:12:55 GMT

Tim Haynes <usenet-20030823@stirfried.vegetable.org.uk> writes:
> I know of no native "layers of virtualisation" system in any M$loth OS,
> that's one of the problems. Around here, we have chroot() with GRsecurity
> patches for further security, jail() on *BSE, ctx server patches and UML.
> Take your pick, how do you want it to be "not the real machine" running
> your services today?
>
> MSware: VMware. Well, we got that *too*.

both cp/67 and vm/370 have had relatively good security records with
their virtual machine approach. There has been some discussion that
the B3(?) vax/vms rating was done by creating a virtual machine
abstraction below vms ... for various security domain and isolation
issues.

note that just about all of the mainframes now have flavor of vm/370
subset built into the hardware of the machine ... and just about all
mainframe installations (MVS, VM, Linux, etc) now are run in these
virtual machines aka virtual machine subset called LPARs (or logical
partitions). LPARS essentially grew out of the expanding VM "microcode
assists" that originally appeared on 370/158 (early 70s) .... until
there was sufficient amount of virtual machine microcode assists
embedded into the hardware of the machine ... that it was possible to
provide virtual machine subset (LPARs) even when not running full
blown virtual machine operating system.

The LPAR settings are typically setup under control of a "service
processor" that provides interfaces, diagnostics, and control of many
of the hardware features. However, service processors in their own
right could also have operating systems. The mainframe 3090 had a pair
of 4361s for service processors .... both running a highly modified
version of VM/370 release 6 ... and all the service panels and
interfaces were mostly implemented in IOS3270, an application running
under CMS (in virtual machine under VM/370).

misc. past LPAR references:
http://www.garlic.com/~lynn/98.html#45 Why can't more CPUs virtualize themselves?
http://www.garlic.com/~lynn/99.html#191 Merced Processor Support at it again
http://www.garlic.com/~lynn/2000.html#8 Computer of the century
http://www.garlic.com/~lynn/2000.html#63 Mainframe operating systems
http://www.garlic.com/~lynn/2000.html#86 Ux's good points.
http://www.garlic.com/~lynn/2000b.html#50 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2000b.html#51 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2000b.html#52 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2000b.html#61 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2000b.html#62 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2000c.html#8 IBM Linux
http://www.garlic.com/~lynn/2000c.html#50 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2000c.html#68 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2000c.html#76 Is a VAX a mainframe?
http://www.garlic.com/~lynn/2000f.html#78 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000g.html#3 virtualizable 360, was TSS ancient history
http://www.garlic.com/~lynn/2001b.html#72 Z/90, S/390, 370/ESA (slightly off topic)
http://www.garlic.com/~lynn/2001e.html#5 SIMTICS
http://www.garlic.com/~lynn/2001f.html#17 Accounting systems ... still in use? (Do we still share?)
http://www.garlic.com/~lynn/2001f.html#23 MERT Operating System & Microkernels
http://www.garlic.com/~lynn/2001h.html#2 Alpha: an invitation to communicate
http://www.garlic.com/~lynn/2001h.html#33 D
http://www.garlic.com/~lynn/2001m.html#38 CMS under MVS
http://www.garlic.com/~lynn/2001n.html#26 Open Architectures ?
http://www.garlic.com/~lynn/2001n.html#31 Hercules etc. IBM not just missing a great opportunity...
http://www.garlic.com/~lynn/2001n.html#32 Hercules etc. IBM not just missing a great opportunity...
http://www.garlic.com/~lynn/2002b.html#44 PDP-10 Archive migration plan
http://www.garlic.com/~lynn/2002c.html#53 VAX, M68K complex instructions (was Re: Did Intel Bite Off More Than It Can Chew?)
http://www.garlic.com/~lynn/2002d.html#31 2 questions: diag 68 and calling convention
http://www.garlic.com/~lynn/2002e.html#25 Crazy idea: has it been done?
http://www.garlic.com/~lynn/2002e.html#75 Computers in Science Fiction
http://www.garlic.com/~lynn/2002f.html#6 Blade architectures
http://www.garlic.com/~lynn/2002f.html#57 IBM competes with Sun w/new Chips
http://www.garlic.com/~lynn/2002n.html#6 Tweaking old computers?
http://www.garlic.com/~lynn/2002n.html#27 why does wait state exist?
http://www.garlic.com/~lynn/2002n.html#28 why does wait state exist?
http://www.garlic.com/~lynn/2002o.html#0 Home mainframes
http://www.garlic.com/~lynn/2002o.html#15 Home mainframes
http://www.garlic.com/~lynn/2002o.html#16 Home mainframes
http://www.garlic.com/~lynn/2002o.html#18 Everything you wanted to know about z900 from IBM
http://www.garlic.com/~lynn/2002p.html#4 Running z/VM 4.3 in LPAR & guest v-r or v=f
http://www.garlic.com/~lynn/2002p.html#40 Linux paging
http://www.garlic.com/~lynn/2002p.html#44 Linux paging
http://www.garlic.com/~lynn/2002p.html#54 Newbie: Two quesions about mainframes
http://www.garlic.com/~lynn/2002p.html#55 Running z/VM 4.3 in LPAR & guest v-r or v=f
http://www.garlic.com/~lynn/2002q.html#26 LISTSERV Discussion List For USS Questions?
http://www.garlic.com/~lynn/2003.html#14 vax6k.openecs.org rebirth
http://www.garlic.com/~lynn/2003.html#15 vax6k.openecs.org rebirth
http://www.garlic.com/~lynn/2003.html#56 Wild hardware idea
http://www.garlic.com/~lynn/2003c.html#41 How much overhead is "running another MVS LPAR" ?
http://www.garlic.com/~lynn/2003f.html#56 ECPS:VM DISPx instructions
http://www.garlic.com/~lynn/2003k.html#9 What is timesharing, anyway? 

-- 
Anne & Lynn Wheeler   | lynn@garlic.com -  http://www.garlic.com/~lynn/ 
Internet trivia, 20th anniv: http://www.garlic.com/~lynn/rfcietff.htm

Relevant Pages

  • Re: OS Partitioning and security
    ... It means that every OS has its own hardware exept the ... for virtual machine support ... similar to the mainframe ... http://www.garlic.com/~lynn/2000b.html#50 VM (not VMS or Virtual Machine, the IBM sort) ...
    (comp.security.misc)
  • Re: Intel neuters Montvale, Itanic screams in alarm
    ... HP follows Apple and recognizes the obvious. ... Port VMS ... to x64 64 bit, and then run VMS as a virtual machine alongside Windows, ... impetus to a VMS port, especially if Dell gives up and takes on AMD64 ...
    (comp.os.vms)
  • Re: How to clone a virtual machine?
    ... > I purchased VMWare recently and it rocks. ... This is a bit off topic, but I assume one of those "common utilities" is ... structure and that's it- you've just cloned a virtual machine. ... I back up all my VMs onto DVD media and then I can quickly set them up ...
    (borland.public.delphi.non-technical)
  • Re: Running Jboss on Iseries (AS400) connecting to DB2
    ... Dieter Bender writes: ... Well, if you can run Linux in a virtual machine on a PC, why not do ... the same on a mainframe. ...
    (comp.sys.ibm.as400.misc)